Automatic Generation of ROP Through Static Instructions Assignment and Dynamic Memory Analysis
Title (Chinese): 基于静态指令赋值和动态内存分析的ROP自动生成
Authors: Ning Huang, Shuguang Huang, Chao Chang
Journal: International Journal of Digital Crime and Forensics (JCR Q4, Computer Science, Interdisciplinary Applications)
DOI: 10.4018/IJDCF.2021030104 (https://doi.org/10.4018/IJDCF.2021030104)
Published: 2021-03-01, journal article (not open access)
Indexed by: Semantic Scholar
W⊕X (write XOR execute) is a protection mechanism against control-flow hijacking attacks: no memory page is both writable and executable, so injected code cannot be run directly. Return-oriented programming (ROP) bypasses W⊕X by locating short assembly instruction fragments (gadgets) that already exist in a code segment and chaining them to perform a chosen function. However, manually searching for gadgets that satisfy the required conditions is inefficient and has high error and miss rates. To improve the efficiency of ROP generation, the authors propose an automatic generation method based on a fragmented layout. The method defines new intermediate instruction construction rules on top of the automatic ROP generation framework Q, uses symbolic execution to analyze program memory state and to construct data constraints for a multi-module ROP chain, and solves those data constraints to generate test cases for the ROP chain. Experiments show that the method improves the space efficiency of the ROP chain and lowers the memory-condition requirements of the ROP layout.
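The abstract rests on two steps that are easy to lose in the summary: enumerating gadgets by scanning a code segment at the byte level (which is why gadgets also appear inside the middle of intended instructions), and laying the chain out so that it consumes as few stack slots as possible, which is the "space efficiency" the paper measures. The block below is an added example written for this page; it is not the paper's tool and does not implement its Q-based intermediate instruction rules, symbolic execution or constraint solving. It assumes a constructed x86-64 byte string loaded at 0x400000 (not taken from any real binary), a hypothetical "/bin/sh" string at 0x601000, an execve target state (rax=59, rdi=string, rsi=rdx=0), and a greedy "fewest slots per register" cost metric of my own choosing.

```c
#include <stdint.h>
#include <stdio.h>

/* Register numbers as encoded in the one-byte POP r64 opcodes (0x58 + r);
   with a 0x41 (REX.B) prefix the same opcodes pop r8..r15. */
enum { RAX, RCX, RDX, RBX, RSP, RBP, RSI, RDI, R8, R9, R10, R11, R12, R13, R14, R15, NREG };

#define MAX_POPS 4
#define MAX_GADGETS 32
#define CHAIN_MAX 64
#define BASE 0x400000ULL   /* assumed load address of the constructed code segment */

typedef struct {
    uint64_t addr;             /* entry address of the gadget */
    int npops, regs[MAX_POPS]; /* POPs before the RET; registers in execution order */
    int is_syscall;            /* gadget is "syscall; ret" */
} gadget_t;
typedef struct { uint64_t words[CHAIN_MAX]; int n; } chain_t;

/* Constructed x86-64 code bytes (not taken from any real binary). */
static const uint8_t CODE[] = {
    0x5F, 0xC3,                               /*  0: pop rdi; ret */
    0x5E, 0xC3,                               /*  2: pop rsi; ret */
    0x58, 0xC3,                               /*  4: pop rax; ret */
    0x41, 0x5F, 0xC3,                         /*  6: pop r15; ret */
    0x5F, 0x5E, 0xC3,                         /*  9: pop rdi; pop rsi; ret (pop rsi; ret at 10) */
    0x5C, 0xC3,                               /* 12: pop rsp; ret (stack pivot, never selected) */
    0x48, 0xC7, 0xC0, 0x5A, 0xC3, 0x00, 0x00, /* 14: mov rax,0xC35A; bytes 17..18 decode as pop rdx; ret */
    0x0F, 0x05, 0xC3,                         /* 21: syscall; ret */
};

/* Byte-level scan: every 0xC3 is a potential RET whether or not the compiler meant
   it as one; walk backwards over single-byte POPs to enumerate gadgets. */
static int find_gadgets(const uint8_t *code, size_t len, uint64_t base, gadget_t *out, int max)
{
    int n = 0;
    for (size_t i = 0; i < len; i++) {
        if (code[i] != 0xC3) continue;
        if (i >= 2 && code[i - 2] == 0x0F && code[i - 1] == 0x05) {   /* 0F 05 = syscall */
            if (n < max) out[n++] = (gadget_t){ .addr = base + i - 2, .is_syscall = 1 };
            continue;
        }
        int regs[MAX_POPS]; size_t starts[MAX_POPS]; int k = 0; size_t j = i;
        while (k < MAX_POPS && j > 0 && code[j - 1] >= 0x58 && code[j - 1] <= 0x5F) {
            int r = code[j - 1] - 0x58; size_t s = j - 1;
            if (s > 0 && code[s - 1] == 0x41) { r += 8; s--; }     /* REX.B: r8..r15 */
            regs[k] = r; starts[k] = s; k++; j = s;
        }
        /* Each suffix of a POP run is a gadget in its own right (distinct entry address). */
        for (int m = 1; m <= k && n < max; m++, n++) {
            out[n] = (gadget_t){ .addr = base + starts[m - 1], .npops = m };
            for (int t = 0; t < m; t++) out[n].regs[t] = regs[m - 1 - t];
        }
    }
    return n;
}

static void push(chain_t *c, uint64_t w) { if (c->n < CHAIN_MAX) c->words[c->n++] = w; }

/* Greedy layout: repeatedly pick the gadget with the fewest stack slots per still-unset
   target register, refusing gadgets that pivot RSP, pop one register twice, or clobber
   a register already assigned. Returns chain length in 8-byte words, -1 on failure. */
static int build_chain(const gadget_t *g, int ng, const int *want, const uint64_t *val, chain_t *c)
{
    int done[NREG] = { 0 };
    c->n = 0;
    for (;;) {
        int remaining = 0;
        for (int r = 0; r < NREG; r++) remaining += want[r] && !done[r];
        if (!remaining) break;
        int best = -1; double best_cost = 1e9;
        for (int i = 0; i < ng; i++) {
            if (g[i].is_syscall) continue;
            int useful = 0, bad = 0;
            for (int p = 0; p < g[i].npops && !bad; p++) {
                int r = g[i].regs[p];
                for (int q = 0; q < p; q++) if (g[i].regs[q] == r) bad = 1;
                if (r == RSP || (want[r] && done[r])) bad = 1;
                else if (want[r]) useful++;
            }
            if (bad || !useful) continue;
            double cost = (double)(1 + g[i].npops) / useful;   /* stack slots per register set */
            if (cost < best_cost) { best_cost = cost; best = i; }
        }
        if (best < 0) return -1;
        push(c, g[best].addr);
        for (int p = 0; p < g[best].npops; p++) {
            int r = g[best].regs[p];
            if (want[r]) { push(c, val[r]); done[r] = 1; }
            else push(c, 0x4141414141414141ULL);             /* filler for a don't-care register */
        }
    }
    for (int i = 0; i < ng; i++) if (g[i].is_syscall) { push(c, g[i].addr); return c->n; }
    return -1;
}

/* Hypothetical target state for execve("/bin/sh", 0, 0): rax=59, rdi=string pointer
   (assumed at 0x601000), rsi=rdx=0. */
static int demo_chain(chain_t *c)
{
    gadget_t g[MAX_GADGETS];
    int ng = find_gadgets(CODE, sizeof CODE, BASE, g, MAX_GADGETS);
    int want[NREG] = { 0 }; uint64_t val[NREG] = { 0 };
    want[RAX] = 1; val[RAX] = 59; want[RDI] = 1; val[RDI] = 0x601000ULL;
    want[RSI] = 1; want[RDX] = 1;
    return build_chain(g, ng, want, val, c);
}
static int demo_gadgets(void) { gadget_t g[MAX_GADGETS]; return find_gadgets(CODE, sizeof CODE, BASE, g, MAX_GADGETS); }
static int demo_len(void) { chain_t c; return demo_chain(&c); }
static uint64_t demo_word(int i) { chain_t c; demo_chain(&c); return c.words[i]; }

int main(void)
{
    chain_t c;
    int n = demo_chain(&c);
    for (int i = 0; i < n; i++) printf("[%2d] 0x%016llx\n", i, (unsigned long long)c.words[i]);
    return n > 0 ? 0 : 1;
}
```

The scan finds nine gadgets in 24 bytes, including the `pop rdx; ret` hidden inside the immediate of `mov rax, 0xC35A`, and the layout step chooses `pop rdi; pop rsi; ret` (three slots for two registers) over two single-pop gadgets (four slots), giving an 8-word chain instead of 9. Two caveats a practitioner would want: a real gadget finder needs a length-decoding disassembler rather than a fixed-opcode table, and this block does nothing about the memory conditions (where the chain and its data may sit, what each gadget reads or writes) that the paper's symbolic-execution step is there to handle.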